Skip to content

Latest commit

 

History

History
112 lines (80 loc) · 4.21 KB

README.md

File metadata and controls

112 lines (80 loc) · 4.21 KB
Raw

AWS Nitro Enclave with Amazon Simple Queue Service (Amazon SQS)

This pattern represents an example implementation of an AWS Nitro Enclave processing messages from an Amazon SQS queue.

Architecture

Deploying the solution with AWS CDK

Deploying the solution with the AWS CDK The AWS CDK is an open-source framework for defining and provisioning cloud application resources. It uses common programming languages such as JavaScript, C#, and Python. The AWS CDK command line interface (CLI) allows you to interact with CDK applications. It provides features like synthesizing AWS CloudFormation templates, confirming the security changes, and deploying applications.

This section shows how to prepare the environment for running CDK and the sample code. For this walkthrough, you must have the following prerequisites:

When working with Python, it’s good practice to use venv to create project-specific virtual environments. The use of venv also reflects AWS CDK standard behavior. You can find out more in the workshop Activating the virtualenv.

  1. Install the CDK and test the CDK CLI:

    npm install -g aws-cdk && cdk --version

  2. Download the code from the GitHub repo and switch in the new directory:

    git clone https://github.com/aws-samples/aws-nitro-enclave-blockchain-wallet.git && cd aws-nitro-enclave-blockchain-wallet

  3. Install the dependencies using the Python package manager:

    pip install -r requirements.txt

  4. Specify the AWS region and account for your deployment:

    export CDK_DEPLOY_REGION=us-east-1
export CDK_DEPLOY_ACCOUNT=$(aws sts get-caller-identity | jq -r '.Account')
export CDK_APPLICATION_TYPE=dotnet_sqs_integration
export CDK_PREFIX=dev

    You can set the CDK_PREFIX variable as per your preference.

  5. Trigger the vsock-proxy build:

    ./scripts/build_vsock_proxy.sh

  6. Build the dotnet app:

    ./scripts/build_dotnet_app.sh

  7. Deploy the example code with the CDK CLI:

    cdk deploy ${CDK_PREFIX}NitroDotnetSqsIntegration

  8. Navigate to the EC2 console, copy the instance id of the EC2 instance, and connect to the instance via AWS Systems Manager (make sure you have the Session Manager plugin installed):

    aws ssm start-session --target <EC2 instance id> --region ${CDK_DEPLOY_REGION}

  9. Switch to ec2-user:

    sudo su ec2-user

  10. Attach to the signing_server enclave (ensure that the enclave has been deployed with --debug-mode flag). You should see the logs showing the source and target SQS queues.

    nitro-cli console --enclave-name signing_server

  11. Go to SQS on the AWS Console and send a message in the Source_Queue.

  1. Observe the logs on the enclave console, you will see the message being picked by the enclave.

  1. Switch back to SQS and poll for messages on the Target_Queue, you will see a response message coming from the enclave.

Cleaning up

Once you have completed the deployment and tested the application, clean up the environment to avoid incurring extra cost. This command removes all resources in this stack provisioned by the CDK:

cdk destroy

Security

See CONTRIBUTING for more information.

License

This library is licensed under the MIT-0 License. See the LICENSE file.